Index: lams_central/conf/security/Owasp.CsrfGuard.properties
===================================================================
diff -u -rf1ca97f406da2f8804ba1ab0fe07f96738053010 -rf013da27a40a5c84f59bdce2a1b1dec3fc938d28
--- lams_central/conf/security/Owasp.CsrfGuard.properties	(.../Owasp.CsrfGuard.properties)	(revision f1ca97f406da2f8804ba1ab0fe07f96738053010)
+++ lams_central/conf/security/Owasp.CsrfGuard.properties	(.../Owasp.CsrfGuard.properties)	(revision f013da27a40a5c84f59bdce2a1b1dec3fc938d28)
@@ -26,6 +26,7 @@
 org.owasp.csrfguard.protected.notebookSaveTeacherComment=/lams/tool/lantbk11/monitoring/saveTeacherComment.do
 org.owasp.csrfguard.protected.sbmtSubmissionDeadline=/lams/tool/lasbmt11/monitoring/setSubmissionDeadline.do
 org.owasp.csrfguard.protected.scratchieSubmissionDeadline=/lams/tool/lascrt11/monitoring/setSubmissionDeadline.do
+org.owasp.csrfguard.protected.shareresourcesChangeItemVisibility=/lams/tool/larsrc11/monitoring/changeItemVisibility.do
 org.owasp.csrfguard.protected.surveySubmissionDeadline=/lams/tool/lasurv11/monitoring/setSubmissionDeadline.do
 org.owasp.csrfguard.protected.taskSubmissionDeadline=/lams/tool/latask10/monitoring/setSubmissionDeadline.do
 org.owasp.csrfguard.protected.voteSubmissionDeadline=/lams/tool/lavote11/monitoring/setSubmissionDeadline.do
Index: lams_tool_larsrc/src/java/org/lamsfoundation/lams/tool/rsrc/web/controller/MonitoringController.java
===================================================================
diff -u -reeaec5d1e9dedb2349cabff878dfae20be73c585 -rf013da27a40a5c84f59bdce2a1b1dec3fc938d28
--- lams_tool_larsrc/src/java/org/lamsfoundation/lams/tool/rsrc/web/controller/MonitoringController.java	(.../MonitoringController.java)	(revision eeaec5d1e9dedb2349cabff878dfae20be73c585)
+++ lams_tool_larsrc/src/java/org/lamsfoundation/lams/tool/rsrc/web/controller/MonitoringController.java	(.../MonitoringController.java)	(revision f013da27a40a5c84f59bdce2a1b1dec3fc938d28)
@@ -54,6 +54,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.util.HtmlUtils;
 
 import com.fasterxml.jackson.databind.node.ArrayNode;
@@ -176,7 +177,7 @@
 	return null;
     }
 
-    @RequestMapping("/changeItemVisibility")
+    @RequestMapping(path = "/changeItemVisibility", method = RequestMethod.POST)
     public String changeItemVisibility(HttpServletRequest request) {
 	Long itemUid = WebUtil.readLongParam(request, ResourceConstants.PARAM_RESOURCE_ITEM_UID);
 	boolean isHideItem = WebUtil.readBooleanParam(request, ResourceConstants.PARAM_IS_HIDE_ITEM);
Index: lams_tool_larsrc/web/WEB-INF/tlds/security/csrfguard.tld
===================================================================
diff -u
--- lams_tool_larsrc/web/WEB-INF/tlds/security/csrfguard.tld	(revision 0)
+++ lams_tool_larsrc/web/WEB-INF/tlds/security/csrfguard.tld	(revision f013da27a40a5c84f59bdce2a1b1dec3fc938d28)
@@ -0,0 +1,70 @@
+<?xml version="1.0"?>
+<!--
+The OWASP CSRFGuard Project, BSD License
+Eric Sheridan (eric@infraredsecurity.com), Copyright (c) 2011 
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+   this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. Neither the name of OWASP nor the names of its contributors may be used
+   to endorse or promote products derived from this software without specific
+   prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ -->
+<taglib xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd" version="2.0">
+	<tlib-version>1.2</tlib-version>
+	<jsp-version>2.0</jsp-version>
+	<short-name>Owasp CsrfGuard Tag Library</short-name>
+	<uri>http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project/Owasp.CsrfGuard.tld</uri>
+	<tag>
+		<name>token</name>
+		<tag-class>org.owasp.csrfguard.tag.TokenTag</tag-class>
+		<body-content>empty</body-content>
+		<attribute>
+			<name>uri</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+	</tag>
+	<tag>
+		<name>tokenname</name>
+		<tag-class>org.owasp.csrfguard.tag.TokenNameTag</tag-class>
+		<body-content>empty</body-content>
+	</tag>
+	<tag>
+		<name>tokenvalue</name>
+		<tag-class>org.owasp.csrfguard.tag.TokenValueTag</tag-class>
+		<body-content>empty</body-content>
+		<attribute>
+			<name>uri</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+	</tag>
+	<tag>
+		<name>a</name>
+		<tag-class>org.owasp.csrfguard.tag.ATag</tag-class>
+		<dynamic-attributes>true</dynamic-attributes>
+	</tag>
+	<tag>
+		<name>form</name>
+		<tag-class>org.owasp.csrfguard.tag.FormTag</tag-class>
+		<dynamic-attributes>true</dynamic-attributes>
+	</tag>
+</taglib>
Index: lams_tool_larsrc/web/WEB-INF/web.xml
===================================================================
diff -u -rb935721d25817b83c29d3166a7fa9b4b9b7d3785 -rf013da27a40a5c84f59bdce2a1b1dec3fc938d28
--- lams_tool_larsrc/web/WEB-INF/web.xml	(.../web.xml)	(revision b935721d25817b83c29d3166a7fa9b4b9b7d3785)
+++ lams_tool_larsrc/web/WEB-INF/web.xml	(.../web.xml)	(revision f013da27a40a5c84f59bdce2a1b1dec3fc938d28)
@@ -29,7 +29,11 @@
 		<listener-class>
 			org.springframework.web.context.ContextLoaderListener
 		</listener-class>
-	</listener>
+    </listener>
+    <filter>
+        <filter-name>CSRFGuard</filter-name>
+        <filter-class>org.owasp.csrfguard.CsrfGuardFilter</filter-class>
+    </filter>
 
 	<filter>
 		<filter-name>hibernateFilter</filter-name>
@@ -62,7 +66,11 @@
 	<filter-mapping>
 		<filter-name>hibernateFilter</filter-name>
 		<url-pattern>/*</url-pattern>
-	</filter-mapping>
+    </filter-mapping>
+    <filter-mapping>
+        <filter-name>CSRFGuard</filter-name>
+        <url-pattern>*.do</url-pattern>
+    </filter-mapping>
 	<filter-mapping>
 		<filter-name>SystemSessionFilter</filter-name>
 		<url-pattern>/*</url-pattern>
@@ -159,7 +167,14 @@
 		<taglib>
 			<taglib-uri>tags-lams</taglib-uri>
 			<taglib-location>/WEB-INF/tlds/lams/lams.tld</taglib-location>
-		</taglib>
+        </taglib>
+        <!-- ======================================================== -->
+        <!-- CSRF Guard Tag Library -->
+        <!-- ======================================================== -->
+        <taglib>
+            <taglib-uri>csrfguard</taglib-uri>
+            <taglib-location>/WEB-INF/tlds/security/csrfguard.tld</taglib-location>
+        </taglib>
 
 	</jsp-config>
 
@@ -258,4 +273,4 @@
 		<error-code>404</error-code>
 		<location>/404.jsp</location>
 	</error-page>
-</web-app>
\ No newline at end of file
+</web-app>
Index: lams_tool_larsrc/web/common/taglibs.jsp
===================================================================
diff -u -r7475d08afc280b5e2e5ddf04e8bf35e3166aaf80 -rf013da27a40a5c84f59bdce2a1b1dec3fc938d28
--- lams_tool_larsrc/web/common/taglibs.jsp	(.../taglibs.jsp)	(revision 7475d08afc280b5e2e5ddf04e8bf35e3166aaf80)
+++ lams_tool_larsrc/web/common/taglibs.jsp	(.../taglibs.jsp)	(revision f013da27a40a5c84f59bdce2a1b1dec3fc938d28)
@@ -4,4 +4,5 @@
 <%@ taglib uri="tags-fmt" prefix="fmt" %>
 <%@ taglib uri="tags-xml" prefix="x" %>
 <%@ taglib uri="tags-lams" prefix="lams" %>
-<%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %> 
\ No newline at end of file
+<%@ taglib uri="csrfguard" prefix="csrf" %>
+<%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %> 
Index: lams_tool_larsrc/web/pages/monitoring/.summary.jsp.swp
===================================================================
diff -u
Binary files differ
Index: lams_tool_larsrc/web/pages/monitoring/summary.jsp
===================================================================
diff -u -r1ba75f43a383fb925aae69975d748d0a8dfdf9a5 -rf013da27a40a5c84f59bdce2a1b1dec3fc938d28
--- lams_tool_larsrc/web/pages/monitoring/summary.jsp	(.../summary.jsp)	(revision 1ba75f43a383fb925aae69975d748d0a8dfdf9a5)
+++ lams_tool_larsrc/web/pages/monitoring/summary.jsp	(.../summary.jsp)	(revision f013da27a40a5c84f59bdce2a1b1dec3fc938d28)
@@ -221,7 +221,7 @@
 	
 	function changeItemVisibility(linkObject, itemUid, toolSessionId, isHideItem) {
         $.ajax({
-            url: '<c:url value="/monitoring/changeItemVisibility.do"/>',
+            url: '<c:url value="/monitoring/changeItemVisibility.do"/>?<csrf:token/>',
             data: 'sessionMapID=${sessionMapID}&toolSessionID='+toolSessionId+'&itemUid=' + itemUid + '&isHideItem=' + isHideItem + '&toolContentID=' + ${sessionMap.toolContentID},
             type: 'post',
             success: function () {